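<?php
/*
Computer Science Course 531 - Introduction to Software Engineering
Olive Insurance Client Management System (Client Database Access)
Version 1.0 (Base System)
Spring 2011

-- Source Code Details --
Page Title: mainPage.php
Created By: David Gonzalez, Computer Science (Undergraduate)
Documented By: Darrius Serrant, Computer Science (Undergraduate)
Purpose: User interface that provides users access to the entire application through
         basic username/password authentication.

Status: In Evaluation: The login feature is currently configured to only accept two
                        unique username/password combinations (shown below)
                            Standard User Account
                                (u/n) Agent
                                (p/w) Agent
                            System Administrator Account
                                (u/n) Admin
                                (p/w) Admin
                        Furthermore, connectivity to the MySQL relational database has been
                        excluded in this initial release, and will be included in the next release
                        of this software.

This header is a PHP comment rather than an HTML comment for two reasons: an HTML comment is
sent to every browser (and this one lists account names and passwords), and any output emitted
before session_start(), setcookie() and header() stops those headers from being sent unless
output buffering is enabled.

NOTE(review): the Status text says database access is excluded, but the code below does query
the agent table - confirm and update. If the accounts listed above exist in that table, remove
them from source and change their passwords.
*/

/*
 * Login handler.
 *
 * Starts the session and, when the login form was submitted by a visitor who is not yet
 * logged in, checks the posted username/password against the agent table. On success the
 * username is stored in $_SESSION['user_name'] and the browser is redirected; otherwise
 * $error_msg is set for the page below to display.
 *
 * Failed attempts are tracked in two cookies: 'lutried' (last username tried) and 'ntried'
 * (number of consecutive tries for that username). Once the count sent by the client has
 * reached 5, a further failure sets DISABLED = '1' for that username (Admin is exempt).
 *
 * NOTE(review): the attempt counter lives in cookies the client controls, so it cannot be
 * relied on to enforce the lockout, and a client can also present a high count to lock a
 * named account. A per-account failure count kept server-side (e.g. a column in agent) is
 * needed; that requires a schema change and is not done here.
 *
 * NOTE(review): stored passwords are compared as MySQL SHA() digests (unsalted SHA-1).
 * Moving to password_hash()/password_verify() requires re-hashing the stored credentials,
 * so the comparison is left unchanged here.
 */
require_once ('connectvars.php');
session_start();
$error_msg = "";

// Seed the tracking cookies on a first visit.
if (!isset($_COOKIE['lutried'])) {
    setcookie('lutried');
}
if (!isset($_COOKIE['ntried'])) {
    setcookie('ntried', '0');
}

if (!isset($_SESSION['user_name']) && isset($_POST['submit'])) {
    // Accept only plain string fields; an array-valued field is treated as empty.
    $username = (isset($_POST['username']) && is_string($_POST['username']))
        ? trim($_POST['username']) : '';
    $password = (isset($_POST['password']) && is_string($_POST['password']))
        ? trim($_POST['password']) : '';

    // setcookie() does not populate $_COOKIE for the current request, so either value
    // can still be missing here.
    $last_tried = (isset($_COOKIE['lutried']) && is_string($_COOKIE['lutried']))
        ? $_COOKIE['lutried'] : '';
    $prior_tries = (isset($_COOKIE['ntried']) && is_string($_COOKIE['ntried']))
        ? (int) $_COOKIE['ntried'] : 0;

    // Count consecutive tries for the same username; a different username restarts at 1.
    if ($last_tried === $username) {
        setcookie('ntried', (string) ($prior_tries + 1));
    } else {
        setcookie('lutried', $username);
        setcookie('ntried', '1');
    }

    if ($username !== '' && $password !== '') {
        $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
        if (!$dbc) {
            die("Error Connecting");
        }

        // Bound parameters keep the posted values out of the SQL text entirely.
        $lookup = mysqli_prepare(
            $dbc,
            "SELECT Username, DISABLED FROM agent WHERE Username = ? AND password = SHA(?)"
        );
        if (!$lookup) {
            die("Error Querying");
        }
        mysqli_stmt_bind_param($lookup, 'ss', $username, $password);
        mysqli_stmt_execute($lookup) or die("Error Querying");
        mysqli_stmt_store_result($lookup);
        $db_username = null;
        $db_disabled = null;
        mysqli_stmt_bind_result($lookup, $db_username, $db_disabled);
        $matched = (mysqli_stmt_num_rows($lookup) == 1) && mysqli_stmt_fetch($lookup);
        mysqli_stmt_close($lookup);

        if ($matched) {
            if ($db_disabled == 1) {
                $error_msg = 'Sorry your account has been locked. Please contct Administrator.';
            } else {
                // Issue a fresh session id at the privilege change so an id known before
                // login is not carried into the authenticated session.
                session_regenerate_id(true);
                $_SESSION['user_name'] = $db_username;
                setcookie('lutried', '', time() - 3600);
                setcookie('ntried', '', time() - 3600);
                mysqli_close($dbc);
                header('Location: http://localhost:8888/PHP3/signIn.php');
                // Stop here so the rest of the page is not rendered behind the redirect.
                exit;
            }
        } else {
            $error_msg = 'Sorry :(';
            // The Admin exemption is compared case-insensitively: MySQL's default
            // collations match usernames regardless of case, so a case variant must not
            // slip past the exemption. ">=" keeps the lock effective if the count is
            // already past the threshold.
            if ($prior_tries >= 5 && strcasecmp($username, 'Admin') !== 0) {
                $lock = mysqli_prepare($dbc, "UPDATE agent SET DISABLED = '1' WHERE Username = ?");
                if (!$lock) {
                    die("Error Updating1");
                }
                mysqli_stmt_bind_param($lock, 's', $username);
                mysqli_stmt_execute($lock) or die("Error Updating1");
                mysqli_stmt_close($lock);
            }
        }

        mysqli_close($dbc);
    } else {
        $error_msg = 'Sorry :{';
    }
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">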

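<?php
// Login page markup: shows the login form (with any error message) to visitors without a
// session user name, and a short notice plus a 2-second refresh to the main page otherwise.
$logged_in = !empty($_SESSION['user_name']);
?>
<html>
    <head>
        <title>Log In:</title>
        <?php if ($logged_in) { ?>
        <!-- The refresh is declared here because an HTTP header can no longer be added
             reliably once the page body has started. -->
        <meta http-equiv="refresh" content="2; url=http://localhost:8888/PHP3/mainPage.php">
        <?php } ?>
    </head>
    <body>
        <h3>Log In:</h3>
        <?php
        if (!$logged_in) {
            // The messages are fixed strings today; escaping keeps this output safe if a
            // later change ever puts request data into $error_msg.
            echo htmlspecialchars($error_msg, ENT_QUOTES);
            ?>
        <form method="post" action="signIn.php">
            <label for ="username">UserName:</label>
            <input type ="text" id="username" name ="username"/> <br/>
            <label for ="password">Password:</label>
            <input type ="password" id ="password" name ="password"/>
            <input type ="submit" value="Log In" name ="submit" />
        </form>
        <?php
        } else {
            // Output has already begun at this point, so the header is only sent when the
            // response is still buffered; the meta refresh in <head> covers the other case.
            if (!headers_sent()) {
                header('Refresh: 2; http://localhost:8888/PHP3/mainPage.php');
            }
            echo 'You are Logged In :) <br>';
            echo 'You will be transfered to main page...';
        }
        ?>
    </body>
</html>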